Security-First Architecture
Built for government-grade trust.
Every design decision prioritizes the security and auditability of your workflows. Your data is safe, portable, and 100% yours.
AES-256 + TLS 1.3
Encrypted at rest & in transit
Role-Based Access
Segregation of duties
SOC 2 Type II
Planned
GovRAMP
Planned
ISO 42001
Planned
Security Overview
What we protect
Execution & compliance data.
- Award and execution data (financial amounts, milestones)
- Compliance and reporting documentation
- Entity and recipient data (UEI, TIN, audit findings)
- Administrative user information (names, emails, roles)
- Workflow configurations and organizational structures
What we don't touch
No consumer data. No sensitive PII.
- Personally identifiable information (PII) of citizens
- Protected health information (HIPAA data)
- Social Security numbers or biometric data
- Classified or national security information
Shared Responsibility
Security is a shared responsibility between Vireon, our cloud provider, and your agency.
Vireon
Application security, encryption, access controls, monitoring, patching, and incident response.
AWS (Cloud Provider)
Physical data center security, hardware, and foundational cloud services running in US regions.
Your Agency
User access management, data classification for uploaded content, and internal SaaS usage policies.
Questions?
We're happy to walk through our security posture.
Share documentation, answer your agency's security questionnaire, or schedule a call.